CVE-2025-0436 — External Control of Assumed-Immutable Web Parameter in Google Chrome

CWE-472 — External Control of Assumed-Immutable Web Parameter CWE-79 — Cross-site Scripting9 documents9 sources

Severity

8.8HIGHNVD

EPSS

0.5%

top 33.60%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome Chromium Paloalto Prisma Browser

Timeline

PublishedJan 15

Latest updateFeb 12

Description

Integer overflow in Skia in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages4 packages

▶CVEListV5google/chrome132.0.6834.83 — 132.0.6834.83

▶NVDgoogle/chrome< 132.0.6834.83

▶Debianchromium/chromium< 132.0.6834.83-1~deb12u1+2

▶Palo Altopaloalto/prisma_browser

🔴Vulnerability Details

GHSA

GHSA-ww3g-8h77-wr7v: Integer overflow in Skia in Google Chrome prior to 132↗2025-01-15

▶

CVEList

CVE-2025-0436: Integer overflow in Skia in Google Chrome prior to 132↗2025-01-15

▶

OSV

CVE-2025-0436: Integer overflow in Skia in Google Chrome prior to 132↗2025-01-15

▶

📋Vendor Advisories

Palo Alto

PAN-SA-2025-0004 Chromium: Monthly Vulnerability Update (February 2025)↗2025-02-12

▶

Chrome

Stable Channel Update for Desktop: CVE-2025-0434↗2025-01-14

▶

Microsoft

Chromium: CVE-2025-0436 Integer overflow in Skia↗2025-01-14

▶

Debian

CVE-2025-0436: chromium - Integer overflow in Skia in Google Chrome prior to 132.0.6834.83 allowed a remot...↗2025

▶